Abstract

Footnotes (712)

Using the URL or DOI link below will
ensure access to this page indefinitely

Based on your IP address, your paper is being delivered by:

New York, USA

Processing request.

Illinois, USA

Processing request.

Brussels, Belgium

Processing request.

Seoul, Korea

Processing request.

California, USA

Processing request.

If you have any problems downloading this paper,please click on another Download Location above, or view our FAQFile name: SSRN-id1788245. ; Size: 643K

You will receive a perfect bound, 8.5 x 11 inch, black and white printed copy of this PDF document with a glossy color cover. Currently shipping to U.S. addresses only. Your order will ship within 3 business days. For more details, view our FAQ.

Quantity:Total Price = $9.99 plus shipping (U.S. Only)

If you have any problems with this purchase, please contact us for assistance by email: Support@SSRN.com or by phone: 877-SSRNHelp (877 777 6435) in the United States, or +1 585 442 8170 outside of the United States. We are open Monday through Friday between the hours of 8:30AM and 6:00PM, United States Eastern.

An e-SOS for Cyberspace

Individuals, shadowy criminal organizations, and nation states all now have the capacity to harm modern societies through computer attacks. These new and severe cyberthreats put critical information, infrastructure, and lives at risk. And the threat is growing in scale and intensity with every passing day.

The conventional response to such cyberthreats is self-reliance. When self-reliance comes up short, states have turned to law for a solution. Cybercrime laws proscribe individuals from engaging in unwanted cyberactivities. Other international laws proscribe what states can (and cannot) do in terms of cyberwarfare. Both sets of rules work by attribution, targeting bad actors – whether criminals or states – to deter cyberthreats.

This Article challenges the sufficiency of existing cyber-law and security. Law cannot regulate the authors of cyberthreats because anonymity is built into the very structure of the Internet. As a result, existing rules on cybercrime and cyberwar do little to deter. They may even create new problems, when attackers and victims assume different rules apply to the same conduct.

Instead of regulating bad actors, this Article proposes states adopt a duty to assist victims of the most severe cyberthreats. A duty to assist works by giving victims assistance to avoid or mitigate serious harms. At sea, anyone who hears a victim’s SOS must offer whatever assistance they reasonably can. An e-SOS would work in a similar way. It would require assistance for cyberthreat victims without requiring them to know who, if anyone, was threatening them. An e-SOS system could help avoid harms from existing cyberthreats and deter others. Even when cyberthreats succeed, an e-SOS could make computer systems and networks more resilient to any harm they impose. At the same time, an e-SOS would compliment, rather than compete with, self-reliant measures and the existing legal proscriptions against cyberthreats.